
GIGABYTE Control Center vulnerable to arbitrary file write flaw

Why This Matters

The GIGABYTE Control Center vulnerability highlights the ongoing risks associated with pre-installed system utilities, which can be exploited for remote code execution and privilege escalation. This underscores the importance for consumers and the industry to prioritize timely updates and security patches to mitigate critical threats. Addressing such flaws is essential to protect sensitive data and maintain system integrity across widely used hardware platforms.

Key Takeaways

The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts.

The hardware maker says that successful exploitation could potentially lead to code execution on the underlying system, privilege escalation, and a denial-of-service condition.

The GIGABYTE Control Center (GCC), which comes pre-installed on all the company’s laptops and motherboards, is GIGABYTE’s all-in-one Windows utility that lets users manage and configure their hardware.

It supports hardware monitoring, fan control, performance tuning, RGB lighting control, driver and firmware updates, and device management.

One Control Center feature, “pairing,” allows the tool to communicate with other devices or services over the network. Systems running Control Center versions 25.07.21.01 and earlier with the pairing option enabled are exposed to attacks.

“When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation,” warned Taiwan’s CERT.

The issue, tracked as CVE-2026-4415, was discovered by SilentGrid security researcher David Sprüngli. Based on the CVSS v4.0 scoring system, the issue has a critical severity rating (9.2 out of 10).

Users are advised to upgrade to the latest version of Control Center, currently 25.12.10.01, which includes fixes for download path management, message processing, and command encryption to effectively mitigate the vulnerability.

“Customers are strongly advised to upgrade to the latest GCC version immediately,” the vendor warns in the security bulletin.

It is recommended that users of GIGABYTE products download the latest GCC version from the vendor’s official software portal to minimize the risk of receiving trojanized installers.
